Interesting People mailing list archives

more on Bank loses tape with personal information on 90,000 customers


From: David Farber <dave () farber net>
Date: Thu, 12 Jan 2006 16:27:21 -0500



Begin forwarded message:

From: Richard Wiggins <richard.wiggins () gmail com>
Date: January 12, 2006 2:42:35 PM EST
To: David Farber <dave () farber net>
Cc: shoop () iwiring net
Subject: Re: [IP] Bank loses tape with personal information on 90,000 customers

> In most all cases the data is encrypted.

Dave,

This claim needs documentation, as it does not match recent news stories. In fact, it seems to be the case that the standard practice is to encrypt data when it goes over a network wire, but not to encrypt it when stored inside the data center or backed up to tape or sent via tape for offsite storage.

-- News coverage of the People's Bank incident does not imply that the tapes were encrypted; instead, the bank says that in the future they will use encrypted network transmission.

-- "CitiFinancial lost tapes containing data for 3.9 million customers; Bank of America, 1.2 million customers; Time Warner, 600,000 customers; and Ameritrade, 200,000 customers, the Privacy Rights group reported last week. Overall, almost 52 million people had their personal information put at risk as a result of data heists in 2005, the watchdog group said." -- http://www.orlandosentinel.com/business/orl-banks0206jan02,0,5638345.story?coll=orl-business-headlines

-- "The Marriott time-share case came shortly after another mysterious data-tape disappearance reported by a Michigan-based lender. In a Dec. 18 letter to customers, ABN AMRO Mortgage Group said the tape went missing during shipment by DHL, the express-delivery service. Although there was no evidence of wrongdoing, ABN alerted authorities and made a free credit-monitoring service available to customers for 90 days. About 2 million customers were at risk from the apparent security breach, according to an estimate from the Privacy Rights Clearinghouse. A week later, however, ABN reported the tape had been found in the same DHL shipping facility to which it had been previously traced. Employee error at DHL was blamed for the miscue. ABN reassured customers there was little chance the data had been misused, but it continued to offer the temporary credit-monitoring service." [ibid.]

/rich

On 1/12/06, David Farber <dave () farber net> wrote:

Begin forwarded message:

From: Dan Shoop <shoop () iwiring net >
Date: January 12, 2006 9:41:01 AM EST
To: dave () farber net, ip () v2 listbox com
Subject: Re: [IP] Bank loses tape with personal information on 90,000 customers


This actually happens all the time. The bank FedExes or otherwise
sends a tape, it gets lost. This happens. In a past life as a
datacenter manager at Citibank we used to receive pallets of tapes
by FedEx every morning from Sioux Falls, SD, where the credit card
processing center was, a truck of tapes having better bandwidth at
lower cost than any telco line.  Occasionally tapes got lost, it was
no big deal and no one thought much of it other than to request
another copy. California, IIRC, was the first state to mandate that
any lost customer records of any sort have to be reported, and other
states have followed suit. Since such laws have been enacted that it must
be reported, it's been getting recent press and what is actually a
common occurrence is now "news". The risk from this is considered very
low. In most all cases the data is encrypted. Even if it wasn't, other
policies prevent keeping say account numbers and names, or other
required pieces of information necessary to commit a fraud or
identity theft with information together in the same place at once.

Having names and Social Security numbers together is considered low
risk since this information is readily available through numerous
sources.
--

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                     http://www.iwiring.net/
shoop () iwiring net                                 http://www.ustsvs.com/
1-646-217-4725

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF  12B1 7840 3BE7 3736 DE0B

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.


-------------------------------------
You are subscribed as galler () umich edu
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

